tramyardg/hotel-mgmt-system

tramyardg/hotel-mgmt-system

Releases0

Stars309

Hotel booking system for customers added with an admin feature to manage reservations.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-48090 ↗	Jan 13, 2023Friday, 13 January 2023, 19:15	6.5 MEDIUM	—
Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to SQL Injection via /app/dao/CustomerDAO.php.
CVE-2022-48091 ↗	Jan 13, 2023Friday, 13 January 2023, 19:15	5.4 MEDIUM	—
Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site Scripting (XSS) via process_update_profile.php.
CVE-2022-36254 ↗	Sep 12, 2022Monday, 12 September 2022, 04:15	5.4 MEDIUM	—
Multiple persistent cross-site scripting (XSS) vulnerabilities in index.php in tramyardg Hotel Management System 1.0 allow remote attackers to inject arbitrary web script or HTML via multiple parameters such as "fullname".
CVE-2022-27475 ↗	Apr 13, 2022Wednesday, 13 April 2022, 12:15	6.1 MEDIUM	4.3 MEDIUM
Cross site scripting (XSS) vulnerability in tramyardg hotel-mgmt-system, allows attackers to execute arbitrary code when when /admin.php is loaded.
CVE-2021-41651 ↗	Oct 4, 2021Monday, 4 October 2021, 19:15	7.5 HIGH	5 MEDIUM
A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A malicious attacker can retrieve sensitive database information and interact with the database using the vulnerable cid parameter in process_update_profile.php.